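<?php
// Staff "Account" page. On a plain page load it fills the form from the user + staff
// rows; on a POST carrying updateAccount it validates the submission, optionally swaps
// the profile picture, and writes the changes back. Expects $dbc (mysqli) plus
// $_SESSION['perm'] and $_SESSION['userId'] from the including page.
if (isset($_SESSION['perm'], $_SESSION['userId']) && (int) $_SESSION['perm'] === 3) {
	$perm = (int) $_SESSION['perm'];
	$userId = (int) $_SESSION['userId'];
	$max = 5242880;                          // upload limit in bytes; also emitted as MAX_FILE_SIZE
	$picPrefix = 'images/users/';            // web-relative folder the stored picture names point into
	$defaultPic = 'images/users/default.jpg';
	$errors = array();

	// Escape anything echoed into the page; every value shown here is user-supplied.
	$esc = function ($value) {
		return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	};
	// Only files this page manages under images/users/ (and never the default) may be unlinked.
	$isManagedPic = function ($path) use ($picPrefix, $defaultPic) {
		return is_string($path)
			&& strpos($path, $picPrefix) === 0
			&& strpos($path, '..') === false
			&& $path !== $defaultPic
			&& is_file($path);
	};
	// Emits the selected attribute when the stored/posted value matches an option value.
	$selected = function ($current, $option) {
		return (string) $current === (string) $option ? ' selected' : '';
	};

	// Form values start empty so the template never touches an undefined variable.
	$username = $fname = $lname = $phone = $email = $zip = $field = $exp = $edu = $sal = $about = $job = '';
	$image = $defaultPic;

	if (!isset($_POST['updateAccount'])) { // page load - get account info
		// The password hash and salt are deliberately not selected: the page no longer needs them.
		$sql = 'SELECT u.username, u.fname, u.lname, u.phone, u.email, s.pic, s.zip, s.work, s.exp, s.edu, s.sal, s.about, s.jobId 
				FROM user u
				INNER JOIN staff s
				ON u.userId = s.userId
				WHERE u.userId = ?';
		$stmt = $dbc->prepare($sql);
		if ($stmt) {
			$stmt->bind_param('i', $userId);
			$stmt->execute();
			$stmt->bind_result($username, $fname, $lname, $phone, $email, $image, $zip, $field, $exp, $edu, $sal, $about, $job);
			$stmt->fetch();
			$stmt->close();
		}
	} // done getting account info
	else { // if user updates account
		// Missing keys read as '' so a tampered form yields a validation error, not a notice.
		$post = function ($key) {
			return isset($_POST[$key]) ? trim((string) $_POST[$key]) : '';
		};
		$username = $post('username');
		$fname = $post('fname');
		$lname = $post('lname');
		$phone = $post('phone');
		$email = $post('email');
		$zip = $post('zip');
		$field = $post('field');
		$exp = $post('exp');
		$edu = $post('edu');
		$sal = $post('sal');
		$job = $post('job');
		$about = $post('about');
		$password = $post('pwd');
		$retyped = $post('conf_pwd');
		// An empty password pair means "keep the current password".
		$changePwd = ($password !== '' || $retyped !== '');

		// The stored hash, salt and picture name are read from the database instead of being
		// round-tripped through hidden inputs, so the client can neither see nor alter them.
		$currentpwd = null;
		$salt = null;
		$oldpic = $defaultPic;
		$stmt = $dbc->prepare('SELECT u.pwd, u.salt, s.pic FROM user u INNER JOIN staff s ON u.userId = s.userId WHERE u.userId = ?');
		if ($stmt) {
			$stmt->bind_param('i', $userId);
			$stmt->execute();
			$stmt->bind_result($currentpwd, $salt, $oldpic);
			$stmt->fetch();
			$stmt->close();
		}

		$image = $oldpic;
		$newPicSaved = false;
		if (!empty($_FILES['pic']['name'])) {
			// Filesystem path of the upload folder; $picPrefix must be the same folder as seen
			// from the web root (the page is assumed to run with the web root as cwd, as before).
			$destination = '/home/content/r/e/d/redpanda/html/www/tps/images/users/';
			require_once('./classes/Ja1/upload.php');
			$uploaded = array();
			$newName = '';
			try {
				$upload = new Ja1_Upload($destination);
				$upload->setMaxSize($max);
				$newName = $upload->getName();
				$upload->move();
				$result = $upload->getMessages();   // shown to the user below the heading
				$uploaded = $upload->getSuccess();
			}
			catch (Exception $e) {
				// Reported with the other errors instead of echoed before the page markup.
				$errors[] = $e->getMessage();
			}
			if (count($uploaded) > 0) {
				// basename() keeps the stored name inside $picPrefix whatever the uploader produced.
				$candidate = $picPrefix . basename($newName);
				$handlers = array(
					IMAGETYPE_GIF  => array('imagecreatefromgif', 'imagegif'),
					IMAGETYPE_JPEG => array('imagecreatefromjpeg', 'imagejpeg'),
					IMAGETYPE_PNG  => array('imagecreatefrompng', 'imagepng'),
				);
				$type = exif_imagetype($candidate);   // decided from the file's magic bytes, not its extension
				$dims = getimagesize($candidate);     // false for a non-image; guards the division below
				$resampled = false;
				if ($type !== false && isset($handlers[$type]) && $dims !== false && $dims[0] > 0 && $dims[1] > 0) {
					// Fit inside 280x280 while keeping the aspect ratio.
					$width = 280;
					$height = 280;
					$ratio = $dims[0] / $dims[1];
					if ($width / $height > $ratio) {
						$width = max(1, (int) ($height * $ratio));
					} else {
						$height = max(1, (int) ($width / $ratio));
					}
					$create = $handlers[$type][0];
					$save = $handlers[$type][1];
					$src = $create($candidate);
					if ($src !== false) {
						$dst = imagecreatetruecolor($width, $height);
						imagecopyresampled($dst, $src, 0, 0, 0, 0, $width, $height, $dims[0], $dims[1]);
						$resampled = $save($dst, $candidate);
						imagedestroy($dst);
						imagedestroy($src);
					}
				}
				if ($resampled) {
					$image = $candidate;
					$newPicSaved = true;
					$success = "Profile Picture Updated!";
				}
				else {
					$errors[] = 'Invalid file type. (JPEG, GIF, PNG only.)';
					if ($isManagedPic($candidate)) {
						unlink($candidate);   // drop the rejected upload
					}
				}
			}
			// A failed upload keeps the old picture; the uploader's messages explain why.
		}

		if ($username === '' || $fname === '' || $lname === '' || strlen($phone) < 10) {
			$errors[] = "A field was left empty or has an invalid value.";
		}
		// Staff-only profile fields (this page is only reachable with perm 3).
		if ($field === 'choose' || $field === '') {
			$errors[] = "You must select a career field.";
		}
		if ($exp === 'choose' || $exp === '') {
			$errors[] = "You must provide your years work experience.";
		}
		if ($edu === '0' || $edu === '') {
			$errors[] = "You must provide you education level.";
		}
		if ($sal === '0' || $sal === '') {
			$errors[] = "You must select a salary range.";
		}
		if (strlen($zip) < 5) {
			$errors[] = "Invalid zip code.";
		}
		// Validate the trimmed value that will actually be stored.
		if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
			$errors[] = 'Invalid Email';
		}
		if ($changePwd) {
			require_once ('./classes/Ja1/checkpassword.php');
			$checkpwd = new Ja1_CheckPassword($password);
			$checkpwd->requireMixedCase();
			$checkpwd->requireNumbers(2);
			$checkpwd->requireSymbols();
			if (!$checkpwd->check()) {
				$errors = array_merge($errors, $checkpwd->getErrors());
			}
			if ($password !== $retyped) {
				$errors[] = "Your passwords don't match.";
			}
		}

		if (empty($errors)) { // Store changes to DB if no errors
			$pwd = $currentpwd;
			if ($changePwd) {
				// NOTE(review): sha1(password . salt) with a time() salt is the scheme the existing
				// login code verifies against; moving to password_hash() requires changing that side too.
				$salt = time();
				$pwd = sha1($password . $salt);
			}

			// update account db
			$sql = 'UPDATE user u 
					INNER JOIN staff s 
					ON u.userId = s.userId
					SET u.username = ?, u.pwd = ?, u.salt = ?, u.fname = ?, u.lname = ?, u.phone = ?, u.email = ?,
					s.pic = ?, s.zip = ?, s.work = ?, s.exp = ?, s.edu = ?, s.sal = ?, s.about = ?
					WHERE u.userId = ?';
			$saved = false;
			$stmt = $dbc->prepare($sql);
			if ($stmt) {
				$stmt->bind_param('ssssssssssssssi', $username, $pwd, $salt, $fname, $lname, $phone, $email, $image, $zip, $field, $exp, $edu, $sal, $about, $userId);
				$stmt->execute();
				// A multi-table UPDATE counts changed rows in both tables, so anything above 0 is success.
				if ($stmt->affected_rows > 0) {
					$success = 'Changes have been successfully made to your account.<br /><br />';
					$saved = true;
				}
				elseif ($stmt->errno == 1062) {
					$errors[] = "That username is not available.";
				}
				else {
					$errors[] = 'No changes were made.';
				}
				$stmt->close();
			}
			else {
				$errors[] = 'No changes were made.';
			}
			// The previous picture is removed only once the new name has been persisted.
			if ($saved && $newPicSaved && $image !== $oldpic && $isManagedPic($oldpic)) {
				unlink($oldpic);
			}
		} // END saving
		if (!empty($errors) && $newPicSaved) {
			// Roll the upload back so the file on disk and the stored name stay consistent.
			if ($image !== $oldpic && $isManagedPic($image)) {
				unlink($image);
			}
			$image = $oldpic;
			unset($success);
		}
	} // END SUBMIT
	?>
    
  
<!-- FORM FIELDS -->
    <h2>Account</h2><br />
	<?php
	// display messages
	if (isset($result)) {
		// NOTE(review): uploader messages are shown as plain text; confirm Ja1_Upload never embeds markup.
		foreach ($result as $message) {
			echo $esc($message).'<br />';
		}
	}
	if (!empty($errors)) {
		foreach ($errors as $error) {
			echo "<font color='red'>".$esc($error)."</font><br />";
		}
		echo '<br /><br />';
	}
	if (isset($success)) {
		echo $success.'<br />';   // built only from string literals on this page
	}
	?>
	<form id="updateAccountForm" method="POST" action="" enctype="multipart/form-data">
	  	
    <input type="hidden" name="job" value="<?php echo $esc($job); ?>" />
    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo (int) $max; ?>">
    
   	<div style="float:left;width:525px;text-align:right; line-height:19px;">
    	<label for="pic">PROFILE PICTURE:&nbsp;</label>
    </div>
    <div style="float:left;text-align:left;line-height:20px;">
    	<img src="<?php echo $esc($image); ?>" border="1" style="max-width:280px;max-height:280px;margin-right:280px;" /><br /><br />
	</div>
    
    <div style="float:left;width:525px;text-align:right; line-height:19px;">
    	<label for="pic">UPLOAD PICTURE:&nbsp;</label><br /><br />
		<label for="username">USERNAME:&nbsp;</label><br /><br />
        <label for="pwd">PASSWORD:&nbsp;</label><br /><br />
    	<label for="conf_pwd">RETYPE PASSWORD:&nbsp;</label><br /><br /><br />
        <label for="fname">FIRST NAME:&nbsp;</label><br /><br />
        <label for="lname">LAST NAME:&nbsp;</label><br /><br />
        <label for="phone">PHONE:&nbsp;</label><br /><br />
        <label for="email">EMAIL:&nbsp;</label>
    </div>
    
    <div style="float:left;text-align:left;line-height:20px;">
    	<input type="file" name="pic" id="pic" /><br /><br />
    	<input name="username" id="username" type="text" value="<?php echo $esc($username); ?>" onclick='value=""'><br /><br />
		<!-- Password fields are never pre-filled; leaving both blank keeps the current password. -->
		<input name="pwd" id="pwd" type="password" autocomplete="new-password" placeholder="leave blank to keep current"><br /><br />
		<input name="conf_pwd" id="conf_pwd" type="password" autocomplete="new-password"><br /><br /><br />
        <input name="fname" id="fname" type="text" value="<?php echo $esc($fname); ?>" onclick='value=""'><br /><br />
        <input name="lname" id="lname" type="text" value="<?php echo $esc($lname); ?>" onclick='value=""'><br /><br />
        <input name="phone" id="phone" type="text" value="<?php echo $esc($phone); ?>" onclick='value=""'><br /><br />
        <input name="email" id="email" type="text" value="<?php echo $esc($email); ?>" onclick='value=""'><br /><br />
        <br />
    </div>
    
    <div style="float:left;width:1120px;text-align:center;line-height:20px;">
    	<label for="about">RESUME</label><br />
        <textarea name="about" id="about" ><?php echo $esc($about); ?></textarea><br /><br />
        <script language="javascript1.2">make_wyzz('about');</script>
    </div>
    
    <div style="width:1180px;float:left;"><div style="float:left;margin-left:425px;text-align:left;">
   		<input type="radio" name="perm" id="perm3" class="perm3" value="3" <?php echo $perm === 3 ? 'checked' : ''; ?> />&nbsp;Staff - Looking for work.<br /><br /><br />
    </div></div>
    
    <div id="staff_form" <?php echo $perm === 3 ? 'class="form_unhide"' : 'class="hidden"'; ?>>
    	<div style="float:left;width:525px;text-align:right; line-height:19px;">
        	<label for="work">FIELD:&nbsp;</label><br /><br />
            <label for="exp">EXPERIANCE:&nbsp;</label><br /><br />
            <label for="edu">EDUCATION:&nbsp;</label><br /><br />
            <label for="sal">SALARY:&nbsp;</label><br /><br />
            <label for="zip">ZIPCODE:&nbsp;</label><br /><br />
        </div>
        <div style="float:left;text-align:left;line-height:20px;">
        	<?php include('./includes/field.php');	?><br /><br />
            <select name="exp">
            	<option value="choose"<?php echo $selected($exp, 'choose'); ?>>Choose</option>
<?php
				// 0 = None, 1..14 = N Year(s), 15 = 15+ Years
				for ($years = 0; $years <= 15; $years++) {
					if ($years === 0) {
						$label = 'None';
					} elseif ($years === 1) {
						$label = '1 Year';
					} elseif ($years === 15) {
						$label = '15+ Years';
					} else {
						$label = $years.' Years';
					}
					echo '                <option value="'.$years.'"'.$selected($exp, $years).'>'.$label."</option>\n";
				}
?>
            </select><br /><br />
            <select name="edu">
            	<option value="0"<?php echo $selected($edu, '0'); ?>>Choose</option>
<?php
				$eduOptions = array(
					1 => 'High School',
					2 => 'Associate Degree',
					3 => "Bachelor's Degree",
					4 => 'Advanced Degree',
				);
				foreach ($eduOptions as $value => $label) {
					echo '                <option value="'.$value.'"'.$selected($edu, $value).'>'.$esc($label)."</option>\n";
				}
?>
            </select><br /><br />
           	<select name="sal">
            	<option value="0"<?php echo $selected($sal, '0'); ?>>Choose</option>
<?php
				$salOptions = array(
					1 => '$30,000.00+',
					2 => '$40,000.00+',
					3 => '$50,000.00+',
					4 => '$60,000.00+',
					5 => '$70,000.00+',
					6 => '$80,000.00+',
					7 => '$90,000.00+',
					8 => '$100,000.00+',
					9 => '$125,000.00+',
					10 => '$150,000.00+',
				);
				foreach ($salOptions as $value => $label) {
					echo '                <option value="'.$value.'"'.$selected($sal, $value).'>'.$esc($label)."</option>\n";
				}
?>
            </select><br /><br />
             <input name="zip" id="zip" type="text" value="<?php echo $esc($zip); ?>" onclick='value=""'><br /><br />
        </div>
    </div>
    
	<div style="width:1120px;float:left;text-align:center;">
    	<input name="updateAccount" id="updateAccount" type="submit" value="Update"><br /><br />
    </div>

    </form>
    
<?php	
 } // end if staff session
?>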
